Blob Blame History Raw
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Daniel Axtens <dja@axtens.net>
Date: Thu, 21 Jan 2021 18:35:22 +1100
Subject: [PATCH] disk/lvm: Do not crash if an expected string is not found

Clean up a bunch of cases where we could have strstr() fail and lead to
us dereferencing NULL.

We'll still leak memory in some cases (loops don't clean up allocations
from earlier iterations if a later iteration fails) but at least we're
not crashing.

Signed-off-by: Daniel Axtens <dja@axtens.net>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
 grub-core/disk/lvm.c | 22 +++++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)

diff --git a/grub-core/disk/lvm.c b/grub-core/disk/lvm.c
index 939afa17d28..7776a0a0a07 100644
--- a/grub-core/disk/lvm.c
+++ b/grub-core/disk/lvm.c
@@ -541,7 +541,16 @@ error_parsing_metadata:
 			}
 
 		      if (seg->node_count != 1)
-			seg->stripe_size = grub_lvm_getvalue (&p, "stripe_size = ");
+			{
+			  seg->stripe_size = grub_lvm_getvalue (&p, "stripe_size = ");
+			  if (p == NULL)
+			    {
+#ifdef GRUB_UTIL
+			      grub_util_info ("unknown stripe_size");
+#endif
+			      goto lvs_segment_fail;
+			    }
+			}
 
 		      seg->nodes = grub_calloc (seg->node_count,
 						sizeof (*stripe));
@@ -561,7 +570,7 @@ error_parsing_metadata:
 			{
 			  p = grub_strchr (p, '"');
 			  if (p == NULL)
-			    continue;
+			    goto lvs_segment_fail2;
 			  q = ++p;
 			  while (*q != '"')
 			    q++;
@@ -580,7 +589,10 @@ error_parsing_metadata:
 			  stripe->start = grub_lvm_getvalue (&p, ",")
 			    * vg->extent_size;
 			  if (p == NULL)
-			    continue;
+			    {
+			      grub_free (stripe->name);
+			      goto lvs_segment_fail2;
+			    }
 
 			  stripe++;
 			}
@@ -617,7 +629,7 @@ error_parsing_metadata:
 
 			  p = grub_strchr (p, '"');
 			  if (p == NULL)
-			    continue;
+			    goto lvs_segment_fail2;
 			  q = ++p;
 			  while (*q != '"')
 			    q++;
@@ -699,7 +711,7 @@ error_parsing_metadata:
 			  p = p ? grub_strchr (p + 1, '"') : 0;
 			  p = p ? grub_strchr (p + 1, '"') : 0;
 			  if (p == NULL)
-			    continue;
+			    goto lvs_segment_fail2;
 			  q = ++p;
 			  while (*q != '"')
 			    q++;